Sign-up

ID

VAR-201311-0234


CVE

CVE-2013-6699


TITLE

Cisco Wireless LAN Controller Device Control and Provisioning of Wireless Access Points Service disruption in protocol implementation (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-005241

DESCRIPTION

The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880. Vendors have confirmed this vulnerability Bug ID CSCuh81880 It is released as.Skillfully crafted by a third party to induce buffer overread CAPWAP Service disruption via packets (DoS) There is a possibility of being put into a state. The vulnerability is caused by insufficient data packet verification, which allows a remote attacker to exploit a vulnerability to send a specially crafted CAPWAP message to the Cisco WLC. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuh81880

Trust: 2.52

sources: NVD: CVE-2013-6699 // JVNDB: JVNDB-2013-005241 // CNVD: CNVD-2013-14704 // BID: 63865 // VULHUB: VHN-66701

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-14704

AFFECTED PRODUCTS

vendor:ciscomodel:wireless lan controllerscope: - version: -

Trust: 2.0

vendor:ciscomodel:wireless lan controllerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:wireless lan controller softwarescope:lteversion:7.4(.110)

Trust: 0.8

sources: CNVD: CNVD-2013-14704 // JVNDB: JVNDB-2013-005241 // CNNVD: CNNVD-201311-367 // NVD: CVE-2013-6699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6699
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6699
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-14704
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201311-367
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66701
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6699
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-14704
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-66701
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-14704 // VULHUB: VHN-66701 // JVNDB: JVNDB-2013-005241 // CNNVD: CNNVD-201311-367 // NVD: CVE-2013-6699

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-66701 // JVNDB: JVNDB-2013-005241 // NVD: CVE-2013-6699

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-367

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201311-367

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005241

PATCH
title:Cisco Wireless LAN Controller Buffer Overread Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6699
Trust: 0.8
title:31867url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31867
Trust: 0.8
title:Cisco Wireless LAN Controller (WLC) CAPWAP Message Handling Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/41323
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-14704 // 
            
            
            
            JVNDB: JVNDB-2013-005241

EXTERNAL IDS
db:NVDid:CVE-2013-6699
Trust: 3.4
db:BIDid:63865
Trust: 1.0
db:JVNDBid:JVNDB-2013-005241
Trust: 0.8
db:CNNVDid:CNNVD-201311-367
Trust: 0.7
db:CNVDid:CNVD-2013-14704
Trust: 0.6
db:CISCOid:20131121 CISCO WIRELESS LAN CONTROLLER BUFFER OVERREAD VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-66701
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-14704 // 
            
            
            
            VULHUB: VHN-66701 // 
            
            
            
            BID: 63865 // 
            
            
            
            JVNDB: JVNDB-2013-005241 // 
            
            
            
            CNNVD: CNNVD-201311-367 // 
            
            
            
            NVD: CVE-2013-6699

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6699
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6699
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6699
Trust: 0.8
url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscuh81880
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-14704 // 
            
            
            
            VULHUB: VHN-66701 // 
            
            
            
            BID: 63865 // 
            
            
            
            JVNDB: JVNDB-2013-005241 // 
            
            
            
            CNNVD: CNNVD-201311-367 // 
            
            
            
            NVD: CVE-2013-6699

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 63865

SOURCES
db:CNVDid:CNVD-2013-14704
db:VULHUBid:VHN-66701
db:BIDid:63865
db:JVNDBid:JVNDB-2013-005241
db:CNNVDid:CNNVD-201311-367
db:NVDid:CVE-2013-6699

LAST UPDATE DATE
2025-04-11T23:12:48.514000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-14704date:2014-03-07T00:00:00
db:VULHUBid:VHN-66701date:2014-02-28T00:00:00
db:BIDid:63865date:2013-11-25T01:05:00
db:JVNDBid:JVNDB-2013-005241date:2013-11-27T00:00:00
db:CNNVDid:CNNVD-201311-367date:2013-12-13T00:00:00
db:NVDid:CVE-2013-6699date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-14704date:2013-11-26T00:00:00
db:VULHUBid:VHN-66701date:2013-11-22T00:00:00
db:BIDid:63865date:2013-11-21T00:00:00
db:JVNDBid:JVNDB-2013-005241date:2013-11-27T00:00:00
db:CNNVDid:CNNVD-201311-367date:2013-11-22T00:00:00
db:NVDid:CVE-2013-6699date:2013-11-22T19:55:09.920